Intro to Ethical Hacking MIS 5211.001 Week 2 Site:
Conference Opportunity • BSides 2014 in Delaware • Link: http://www.securitybsides.com/w/page/81424469/BSidesDelaware2014 • Past presentations are available on YouTube: http://www.youtube.com/user/BSidesDE
Tonight's Plan • In the news • Cyber Crime Laws • Network Components and their impact on penetration testing • Linux fundamentals
In The News • Submitted • http://www.wired.com/2014/08/car-hacking-chart/ • What I noted • http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls • http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/
Cyber Crime Laws • Computer Fraud and Abuse Act (18 U.S.C. § 1030; the numbers on the following slides are also Title 18 sections) • Obtaining National Security Information • Accessing a Computer and Obtaining Information • Trespassing in a Government Computer • Accessing to Defraud and Obtain Value • Damaging a Computer or Information • Trafficking in Passwords • Threatening to Damage a Computer • Attempt and Conspiracy
Cyber Crime Laws • Wiretap Act (2511) • Unlawful Access to Stored Communication (2701) • Identity Theft (1028) • Access Device Fraud (1029) • CAN-SPAM Act (1037) • Wire Fraud (1343) • Communication Interference (1362) Source: Prosecuting Computer Crimes http://www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf
Cyber Crime Laws • Electronic Communications Privacy Act (2510) • Makes unauthorized interception of wire, oral and electronic communications (including cell phone calls) illegal • Cyber Security Enhancement Act of 2002 (145) • Up to life in prison for knowingly or recklessly causing, or attempting to cause, a death • An amendment to the USA PATRIOT Act
State Cyber Crime Laws • Many (most) states have their own laws • In PA • Tit. 18 §7601 • Misdemeanor - Unlawful transmission of e-mail is a misdemeanor of the 3rd degree; if it causes damage of $2,500 or more, a misdemeanor of the 1st degree • Felony - Unlawful use, disruption of service, theft, unlawful duplication, trespass and distribution of a virus are felonies of the 3rd degree Source: http://criminallaw.uslegal.com/cyber-crimes/
International Cyber Crime Laws • Penetration testers need to comply with the applicable laws of: • The country they are working in • The country or countries where the targeted systems are located • The country or countries their traffic traverses • If any of the above take you outside the US, contact an appropriate lawyer before testing.
Questions • ?
Networking • The very first internetworked connection: Source: http://en.wikipedia.org/wiki/Internet_protocol_suite
Networking • Today Source: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/ServerFarmSec_2-1/ServSecDC/2_Topolo.html
Internet Protocol Suite • How Data fits together:
A word about Ports • Ports - 16-bit numbers carried in the TCP or UDP header that identify the sending and receiving application on a host • Used to distinguish between different services that run over transport protocols such as TCP and UDP (e.g. 22/tcp for SSH, 53/udp for DNS) • IANA Registry: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=1 • Registered numbers are conventions only; a service can listen on any port, which is why scanners fingerprint the service rather than trusting the port number
Protocols • What we will cover • IP • ICMP • UDP • TCP • ARP
IP Protocol • Internet Protocol • Primary protocol of the Internet Layer of the Internet protocol suite • Three main functions • For outgoing packets - Select the next hop host (gateway) • For incoming packets - Capture the packet and pass it up the protocol stack to the protocol named in the header (ICMP, TCP, UDP, ...) • Error detection - The IPv4 header checksum covers the header only, not the payload; transport protocols carry their own checksums
IP Protocol Source: http://nmap.org/book/tcpip-ref.html
ICMP Protocol • Internet Control Message Protocol • Used by network devices to communicate status and errors (destination unreachable, time exceeded, echo) • Not typically used to exchange data • Does not have a "port" assignment; messages are identified by a type and code instead • Not usually accessed by end-users except through: • ping (echo request/reply) • traceroute (time-exceeded replies from each hop)
ICMP Protocol Source: http://nmap.org/book/tcpip-ref.html
UDP Protocol • User Datagram Protocol • Simple transmission model with limited mechanisms • No guarantee of delivery • No acknowledgement of receipt • Does include port numbers and a checksum (the checksum is optional in IPv4; a value of zero means none was computed) • Because there is no handshake, a UDP port that does not answer may be open, filtered, or closed, which makes UDP scanning slow and ambiguous
UDP Protocol Source: http://nmap.org/book/tcpip-ref.html
TCP Protocol • Transmission Control Protocol • The whole suite is often called "TCP/IP" after its two core protocols • Provides reliable, ordered and error-checked delivery of a stream of octets (bytes) across local area networks, intranets, and the public Internet • Connections start with a three-way handshake (SYN, SYN/ACK, ACK), which is what port scanners rely on to tell open ports from closed ones • This is the protocol used for HTTP, HTTPS, SMTP, POP3, IMAP, SSH, FTP, Telnet, and others
TCP Protocol Source: http://nmap.org/book/tcpip-ref.html
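The nmap header diagrams referenced on the IP, ICMP, UDP and TCP slides above describe fixed field layouts, so a small decoder makes them concrete. The following is an added example written for this page, not code from the slides or from nmap: it parses an IPv4 header, verifies the header checksum, and dispatches on the protocol number to an ICMP, UDP or TCP header parser. The three sample packets are constructed inline with struct.pack (the addresses, ports and identifiers are made up) so the script runs offline; transport-layer checksums are left at zero and are not verified.

```python
"""Decode IPv4 headers and the ICMP/UDP/TCP headers they carry (added example)."""
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum
    of the header's 16-bit words. It covers the header only, not the payload."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Return the IPv4 header fields plus the transport-layer payload."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(pkt) or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    return {
        "ihl": ihl, "ttl": ttl, "proto": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # A valid header sums to zero when the stored checksum is included.
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
        "payload": pkt[ihl:total_len],
    }


def parse_icmp(seg: bytes) -> dict:
    icmp_type, code, _csum = struct.unpack("!BBH", seg[:4])
    return {"name": "ICMP", "type": icmp_type, "code": code}   # no ports in ICMP


def parse_udp(seg: bytes) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", seg[:8])
    return {"name": "UDP", "src_port": sport, "dst_port": dport,
            "length": length, "has_checksum": csum != 0}       # optional in IPv4


def parse_tcp(seg: bytes) -> dict:
    (sport, dport, seq, ack, off_res, flags, win,
     _csum, _urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    return {"name": "TCP", "src_port": sport, "dst_port": dport, "seq": seq,
            "ack": ack, "data_offset": (off_res >> 4) * 4, "window": win,
            "flags": [name for bit, name in TCP_FLAGS if flags & bit]}


def decode(pkt: bytes) -> dict:
    """Parse an IPv4 packet and dispatch on its protocol number."""
    ip = parse_ipv4(pkt)
    payload = ip.pop("payload")
    parsers = {PROTO_ICMP: parse_icmp, PROTO_UDP: parse_udp, PROTO_TCP: parse_tcp}
    parser = parsers.get(ip["proto"], lambda s: {"name": f"proto-{ip['proto']}"})
    return {"ip": ip, "transport": parser(payload)}


def build_ipv4(proto: int, payload: bytes, src="192.168.1.10", dst="10.0.0.5") -> bytes:
    """Construct a minimal IPv4 packet with a correct header checksum (sample data)."""
    def addr(a):
        return bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, 64, proto, 0, addr(src), addr(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


# Constructed samples: a TCP SYN to port 22, a UDP datagram to port 53 and an
# ICMP echo request (type 8). Transport checksums are left at 0 and not checked.
SAMPLE_TCP_SYN = build_ipv4(PROTO_TCP, struct.pack(
    "!HHIIBBHHH", 51515, 22, 1000, 0, 5 << 4, 0x02, 65535, 0, 0))
SAMPLE_UDP_DNS = build_ipv4(PROTO_UDP, struct.pack("!HHHH", 53000, 53, 8, 0))
SAMPLE_ICMP_ECHO = build_ipv4(PROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    for label, pkt in [("tcp", SAMPLE_TCP_SYN), ("udp", SAMPLE_UDP_DNS),
                       ("icmp", SAMPLE_ICMP_ECHO)]:
        print(label, decode(pkt))
```

Flipping a single bit in the TTL field makes checksum_ok false, which is the whole extent of the "error detection" IP provides: a corrupted payload passes through IP untouched and is only caught by the TCP or UDP checksum, if one is present.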
ARP Protocol • Address Resolution Protocol • Used to convert an IPv4 address to a MAC address on the local segment (IPv6 uses Neighbor Discovery instead) • A MAC address is the hardware address assigned by the manufacturer to every network card • Example: 6C-62-6D-05-F9-18 • The first three bytes (the OUI, 6C-62-6D) tell me my network card comes from Micro-Star INTL CO., LTD in Taiwan • Can be altered by software, so it identifies a vendor, not a host, and ARP has no authentication: replies can be forged to redirect local traffic
Network Components • Switches • Routers • Firewalls • Standard • Next Generation • Web Application • Load Balancers • Proxies • Reverse Proxies • DNS
Switches • Used to connect devices together on a network • Depending on functionality can operate at different layers of the OSI model • "Layer 1" - Hub - Traffic is not managed - Every packet is repeated to every port, so any attached host can sniff all traffic • "Layer 2" - Data Link Layer - Some management - Switch learns the MAC addresses of locally connected devices and forwards each frame only to the port it belongs on • "Layer 3" - Switch understands routing and knows which packets to pass out of the local segment Microsoft Explanation of OSI Model: http://technet.microsoft.com/en-us/library/cc959881.aspx
Routers • Forward packets between computer networks • Keep local traffic inside and only pass traffic destined for targets outside the local network • Often (together with NAT) the boundary between "routable" public and "non-routable" private IP addressing
Non-Routable Addressing (Private, RFC 1918) • 10.0.0.0 to 10.255.255.255 (10.0.0.0/8) • A single class A network • 16,777,216 addresses • 172.16.0.0 to 172.31.255.255 (172.16.0.0/12) • 16 contiguous class B networks • 1,048,576 addresses • 192.168.0.0 to 192.168.255.255 (192.168.0.0/16) • 256 contiguous class C networks • 65,536 addresses • These addresses are not routed on the public Internet, so seeing one in a scan result or a leaked header tells you the host sits behind a NAT boundary
Firewalls (Standard) • Standard enterprise firewalls are "2nd generation", meaning stateful • Filters traffic based on: • Address • Port • Protocol • Stateful: Retains enough data about previous packets to understand connection state, e.g. allowing return traffic only for connections it saw initiated from the inside
Firewalls (Next Generation) • Extend operation into the Application layer • Provides for Application layer filtering • Understands certain applications and protocols • Can determine if data inside a packet is consistent with the application or protocol
Firewalls (Web Application) • Similar to Next Generation, but retains even more information about "normal" web site activity • Builds a profile of how users interact with a website, and what the traffic should look like • Generates alerts, or blocks requests, when patterns change • Can generate false positives if the web site undergoes high volumes of change, which is why many deployments run in alert-only mode for a learning period
Network Address Translation (NAT) • Modifies network addresses in the IP datagram • Translation - Replaces the IP address (and often the port) in the packet with another address • Obscures addressing behind the NAT device, typically a firewall or router • Can convert non-routable addresses to routable addresses • Means the address you see is not necessarily the address of the target device; one public address may front many internal hosts
Load Balancers • Distribute sessions across multiple servers • The user does not "know" which server is in use, so findings may differ from request to request if the back-end servers are not identical • May terminate the SSL/TLS connection on behalf of the servers, improving server performance • May apply its own SSL/TLS policy (protocol versions, cipher suites) that differs from the back-end servers' certificate configuration • An internal tester can usually reach a particular machine or cell directly via an alternate port, bypassing the balancer
Proxies • Intermediary between client machines and the rest of the network or internet • Can function as a NAT device • May be an embedded function of a firewall or may be stand alone • Uses • Content filtering • Logging and/or monitoring • Can obfuscate internal network details
Reverse Proxies • Similar to proxy, but typically sits in front of servers • Uses • Hides details of server infrastructure • Can perform SSL termination function • Can reduce server load by caching • Can be embedded in a load balancer or firewall, or may be a stand-alone device
DNS • Domain Name System • Consists of a tree of domain names • Example • Root -> .edu -> temple.edu • Basically the phone book for the Internet
Servers • Examples • File • Web • Application • Database • Log
Security Technologies • Intrusion Detection Systems (IDS) • Intrusion Prevention Systems (IPS) • Network Behavioral Anomaly Detection (NBAD) • Data Loss Prevention (DLP) • Host Intrusion Detection (HIDS) • Host Intrusion Prevention (HIPS) • Baseline and Host File Integrity
IDS and IPS • Analyze packets and match them to known signatures to either alert (IDS, usually fed from a tap or SPAN port) or block traffic (IPS, deployed inline) • Basically a burglar alarm for the network • Signature matching only catches what it has a signature for, so novel or obfuscated attacks can pass unnoticed
NBAD • Network Flow Analysis • A flow (e.g. a NetFlow or IPFIX record) is metadata about network traffic passing through the infrastructure: who talked to whom, on which ports, how much and when • The system profiles "normal" behavior and alerts on deviation from normal
DLP • Monitors for activity against "sensitive" data • Can be on servers and hosts • Can be on the network • Typically knows what confidential or personally identifiable information (PII) looks like • Format of Social Security Numbers • Format of account numbers • Key words like Confidential, Account, etc.
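The DLP bullets above describe pattern matching on formats and keywords; the following is an added example written for this page (not a product's detection logic) showing how a content scanner does that over text. It looks for US Social Security Number and payment card formats plus sensitivity keywords, and uses a Luhn check to discard digit strings that merely look like card numbers. The sample records are constructed for this example; the SSN, card numbers and ticket text are made up.

```python
"""Toy DLP content scanner: format patterns, keyword hits and Luhn validation (added example)."""
import re

PATTERNS = {
    # SSN: 3-2-4 digits with optional dash/space separators; excludes the area
    # numbers 000, 666 and 9xx, group 00 and serial 0000, which are never issued.
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b"),
    # Card: 13-19 digits, optionally grouped by spaces or dashes.
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    # Keywords a policy might flag; case-insensitive.
    "keyword": re.compile(r"\b(confidential|account number|internal only)\b", re.I),
}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str) -> list:
    """Return findings as dicts of kind, matched value and character offset."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            value = m.group(0)
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", value)):
                continue           # card-shaped but fails Luhn: likely an order/ref number
            findings.append({"kind": kind, "value": value, "offset": m.start()})
    return findings


def redact(text: str) -> str:
    """Mask all but the last four digits of each SSN/card hit, keeping separators."""
    out = text
    for f in sorted(scan(text), key=lambda f: f["offset"], reverse=True):
        if f["kind"] == "keyword":
            continue
        v = f["value"]
        masked = "".join("*" if c.isdigit() and i < len(v) - 4 else c
                         for i, c in enumerate(v))
        out = out[:f["offset"]] + masked + out[f["offset"] + len(v):]
    return out


# Constructed sample records (no real identifiers).
SAMPLE_RECORDS = [
    "Ticket 4417: customer SSN 123-45-6789 verified by phone 215-204-7000",
    "Refund to card 4111 1111 1111 1111 approved",          # passes Luhn
    "Order ref 1234 5678 9012 3456 shipped",                 # fails Luhn: not a card
    "Status: CONFIDENTIAL - draft merger terms attached",
    "Weekly build 20140901 completed with no errors",
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        hits = scan(rec)
        print([h["kind"] for h in hits], "->", redact(rec) if hits else rec)
```

The phone number and the build date in the samples are the kind of digit strings that drive DLP false positives; the lookaheads in the SSN pattern and the Luhn check on card candidates are cheap ways to keep the alert volume usable, and the redaction keeps the last four digits so an analyst can still correlate the finding with a record.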
HIDS and HIPS • Similar to IDS and IPS, but resides on individual servers or workstations • Augments AV software • Can generate a lot of noise • Can interfere with Scanning and Penetration Testing
Baseline and Host File Integrity • Establishes a baseline configuration for servers and monitors for deviation • Develops a signature (hash, size, permissions) for key files on systems and monitors for change • Can help ensure systems stay configured as desired • Last line of defense to detect compromise of a system, provided the baseline is stored somewhere an intruder on that host cannot rewrite it
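As an added example for the file-integrity bullets above (written for this page, not taken from any integrity-monitoring product), the script below builds a baseline of SHA-256 hash, size and permission bits for every file under a directory, then compares a later snapshot and reports modified, added and removed files. The demo builds a small constructed directory tree in a temporary location (the file names mimic /etc/passwd, sshd_config and /bin/login but the contents are placeholders) and then tampers with it the way an intruder might.

```python
"""File-integrity baseline and drift report (added example)."""
import hashlib
import os
import stat
import tempfile


def file_record(path: str) -> dict:
    """Hash, size and permission bits for one regular file."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root: str) -> dict:
    """Map each file's path (relative to root) to its record."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):       # record targets, not symlinks
                continue
            baseline[os.path.relpath(full, root)] = file_record(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report which files changed (and which attributes), appeared or vanished."""
    report = {"modified": [], "added": [], "removed": []}
    for rel, rec in current.items():
        old = baseline.get(rel)
        if old is None:
            report["added"].append(rel)
        elif old != rec:
            report["modified"].append((rel, [k for k in rec if rec[k] != old[k]]))
    report["removed"] = sorted(set(baseline) - set(current))
    report["added"].sort()
    report["modified"].sort()
    return report


def _write(root: str, rel: str, data: bytes, mode: int = None) -> str:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)
    if mode is not None:
        os.chmod(full, mode)
    return full


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/ssh/sshd_config", b"PermitRootLogin no\n")
        login = _write(root, "bin/login", b"placeholder binary contents", 0o755)
        baseline = build_baseline(root)

        # Simulated tampering after the baseline was taken.
        with open(os.path.join(root, "etc/passwd"), "ab") as fh:
            fh.write(b"backdoor:x:0:0::/root:/bin/bash\n")    # second UID-0 account
        os.chmod(login, 0o4755)                                # setuid bit added
        _write(root, "bin/.backdoor", b"#!/bin/sh\n# constructed placeholder\n")
        os.remove(os.path.join(root, "etc/ssh/sshd_config"))
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for category, entries in demo().items():
        print(category, entries)
```

In practice the baseline is written at build time, stored or signed off-host, and the check runs from a trusted context; a baseline that lives on the monitored host can simply be regenerated by whoever compromised it. The permission comparison is what catches the setuid change on bin/login, which a content-only hash would miss.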
Questions • ?
Linux • What is Linux • Open source operating system • Many similarities with UNIX • Why do we care • Some tools only available in Linux • Some tools work better in Linux • Best open source attack suites are built on Linux • Kali • Samurai WTF (Web Testing Framework)
Logging In • For Kali the default account is root and the default password is toor • For Samurai the default password is samurai • Change these defaults as soon as the system is installed; a testing box with a well-known password is itself a target
root • "root" is the base admin account on a Linux system (user ID 0) • Should not be used for routine operations; work as an ordinary user and elevate only when needed
SUDO • Used to execute individual commands that require root privilege • Requires the user to supply their own password, not the root password • Which users may run which commands is controlled by the sudoers file, and each use is logged
Changing Passwords (passwd) • The "passwd" command is used to change passwords • Any user can change their own password by typing passwd at the command prompt • Will be prompted for the current password, then asked to enter the new password twice • "root" or a sudo user can change other users' passwords with the command: passwd [login_name]